CVE-2023-6835
Published 2023-12-15
CVE-2023-6835: Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
Priority: P4 | 27 | medium | 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.52% (40.2th percentile)
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | iot_server | — | — |
| wso2 | wso2_api_manager | >= 2.2.0.0 < 2.2.0.16 | 2.2.0.16 |
| wso2 | wso2_api_manager | >= 2.5.0.0 < 2.5.0.17 | 2.5.0.17 |
| wso2 | wso2_api_manager | >= 2.6.0.0 < 2.6.0.24 | 2.6.0.24 |
| wso2 | wso2_iot_server | >= 3.3.1.0 < 3.3.1.17 | 3.3.1.17 |
OSV
WSO2 API Manager allows attackers to change the API rating
osv·2023-12-15
CVE-2023-6835 [MEDIUM] WSO2 API Manager allows attackers to change the API rating
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
GHSA
WSO2 API Manager allows attackers to change the API rating
ghsa·2023-12-15
CVE-2023-6835 [MEDIUM] CWE-20 WSO2 API Manager allows attackers to change the API rating
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-15
Published